
40 WordPress Tips: Security, Engagement, SEO & Performance - SMX Sydney 2013


My talk at #SMX Sydney 2013 featuring 40 tips on WordPress security, WordPress SEO as well as a huge set of plug-in recommendation to get the maximum out of WordPress.

Published in: Technology
  • Great!
  • Hi Bastian, good info in the presentation. The presentation would have been a perfect companion piece to my talk at Campixx ;)


  1. 40 WordPress Tips: Security, Engagement, SEO & Performance - Sydney, April 2013. Bastian Grimm, Managing Partner - Grimm Digital
  2. About me: SEO Trainings, Seminars & Strategy Consulting; WordPress Security, Consulting & Development; @basgr; Berlin-based Full-Service Performance Marketing Agency
  4. Who is running WordPress?!
  5. See… that's the issue! You're the hackers' most-loved target!
  6. Section #1: Security
  7. #1 Setup WordPress properly. Use unique keys and salts to add random elements for encryption! Use a cryptic prefix to prevent automated scripts and SQL injections (a non-default prefix only raises the bar for untargeted, automated attacks; it does not replace proper input handling in plug-ins):
       $table_prefix = 'wp_VzQCxSJv7uL_';
  8. #2 Protect your wp-config.php. This needs to go into the .htaccess file in your WP root to prevent external access:
       <files wp-config.php>
       order deny,allow
       deny from all
       </files>
     (This is Apache 2.2 syntax; on Apache 2.4 the equivalent is "Require all denied".) Did you know this? Even better… move wp-config.php outside of "www".
  9. #3 Remove the default "admin". Set up a new user as admin; log out. Log in w/ the new admin; delete the old one. Make sure to use a STRONG password, pleeaaasssseeee!
  10. #4 Lock out multiple failed logins: Limit Login Attempts
  11. #5 Never EVER do this! These sites are more than worse…
  12. A quick peek into some theme files… LOL! "family friendly" links – my a*s…
  13. A quick peek into some theme files… functions.php: This theme won't be working without those links…
  14. #6 Always use TAC to do a pre-check! Theme Authenticity Checker (TAC)
  15. It gets worse: base64 encoded footer. Are you really sure you want to see that footer.php file?
  16. Right… NICE FOOTER!
  17. If you are REALLY curious… The PHP code isn’t “really” encrypted, rather kind of obfuscated. Reversing is possible!
  18. PLEASE… stay away from "free" WordPress themes – they're not free, really!
  19. #7 Update your blogs regularly!
      WP Updates Notifier to get emails on out-dated components (core, themes & plug-ins) for all blogs: /wp-updates-notifier/
      ManageWP can do one-click mass updates (core, themes, plug-ins again) for all your blogs: –
  20. #8 Keep your installation clean: Remove all inactive plug-ins as well as themes!
  21. #9 Scan your Theme daily: WP AntiVirus
  22. #10 Harden your Security Settings: Secure WordPress. Most important: Remove the version number from ALL components & block malicious URL requests.
  23. #11 Protect wp-admin. Recommended: Try the "Lockdown WP Admin" plug-in to protect the PHP files in wp-admin as well as the login itself. Put an .htaccess into your /wp-admin/ for basic password protection.
  24. #12 Fix File & Folder Permissions: WP-Security Scan. Very important: chmod your wp-config.php to be read-only!
  25. #13 Move the "wp-content" folder:
       define('WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/my-wp-content');
       define('WP_CONTENT_URL', 'https://example.com/blog/my-wp-content'); // URL value missing from the slide; example.com is a placeholder
      WP_CONTENT_DIR points to the "new" full local path (no trailing slash). WP_CONTENT_URL points to the "new" full URI (no trailing slash either).
  26. #14 SSL Logins & Administration:
       define('FORCE_SSL_LOGIN', true);
      Set FORCE_SSL_LOGIN to "true" to force all logins to happen over SSL (still allows non-SSL admin sessions).
       define('FORCE_SSL_ADMIN', true);
      Use FORCE_SSL_ADMIN to force all logins and all admin sessions to happen over SSL (can be slow…). Note: FORCE_SSL_LOGIN was deprecated in WordPress 4.0; FORCE_SSL_ADMIN is the setting to use on current versions.
  27. Section #2: WordPress SEO
  28. #15 WordPress SEO by Yoast Make sure to uncheck this! Enables setting noindex, canonical & 301 (for users) on a per-post basis
  29. #15 WordPress SEO by Yoast: You surely don't need paged archives, categories, etc. – they're targeting the same keys anyways. Affiliate sites mainly have pages, no need for RSS. Check all of them!
  30. #15 WordPress SEO by Yoast: Set a proper page title & description, also choose the author for the SERP listing
  31. #15 WordPress SEO by Yoast Use help section to get details for all 30+ variables! Keep unchecked unless you’re publishing news. Default value has been changed w/ last update.
  32. In addition: Post-level settings. You can overwrite defaults on a per-post level using the "Advanced" settings.
  33. #15 WordPress SEO by Yoast Usually you just need one (unless having a HUGE amount of content) – “noindex” the other one!
  34. #15 WordPress SEO by Yoast Especially w/ single-authored blogs, those are a 1:1 copy of your homepage. 301 is the better solution!
  35. #15 WordPress SEO by Yoast For larger sites, check to auto- generate XML sitemaps. Remember to check excludes!
  36. #15 WordPress SEO by Yoast Make absolutely sure you‘re using these!
  37. BTW: Clean those URL-Slugs WP Permalauts Especially important for Germany, France, etc.
  38. #15 WordPress SEO by Yoast
  39. Trust me… things change! Check out SEO Data Transporter to switch SEO plug-ins!
  40. Migration made easy: Painless switching! SEO Data Transporter
  41. Section #3: More SEO…
  42. Credits: Make absolutely sure you only use plug-ins from trusted authors!
  43. #16 Fix your Pagination: WP-PageNavi. Better crawl-ability, better indexation – what else u want? WordPress pagination s*cks, replace it!
  44. #17 Improve internal Cross-Linking: Yet Another Related Posts Plugin
  45. #18 Auto-optimize Image Attributes: SEO Friendly Images. Forces post title & image name to be used as the img alt-attribute
  46. #19 Redirect old Contents: Redirection
  47. #20 Have Rich-Snippets if possible: Schema Creator
  48. #21 Mask your Affiliate Links: Eclipse Link Cloaker
  49. Don't forget to tweak your robots.txt – we don't want some WP-specific files & folders crawled. Adjust the /r/ line according to your Link Cloaker settings. (Note: Google has since asked that CSS and JS files not be blocked, because it renders pages when crawling them.)
       User-Agent: *
       Disallow: /wp-admin/
       Disallow: /feed/
       Disallow: /comments/feed/
       Disallow: /*/trackback/$
       Disallow: /*/feed/$
       Disallow: /*.css$
       Disallow: /*.js$
       Disallow: /r/
  50. Section #4: Engagement
  51. #22 Responsive WP-Slider in Seconds: Soliloquy Slider
  52. #23 Create an "UberMenu": UberMenu
  53. #24 Create beautiful Popups: Ninja Popups
  54. #25 Fix your Internal Search: Relevanssi Search
  55. #26 Selling goods within WordPress? Easy Digital Downloads
  56. #27 Make it multi-lingual: WPML
  57. #28 Make it work on Mobile Devices: WPtouch
  58. Section #5: Maintenance
  59. #29 Do a Theme Test Drive: Live-testing a new theme without anyone else noticing… nice!
  60. #30 Debug your WordPress: P3 (Plugin Perf. Profiler)
  63. #31 Debug your WordPress: Debug Objects
  64. #32 Enable Akismet: Just enable it, get an API key and turn "auto-delete" on!
  65. #33 Backup Database & Files: BackWPup
  66. #34 Watch out for Errors – knowledge is power. Use a 404 logger: analytics software, Redirection (built-in), webserver logs. Set up 301 redirects accordingly using "Redirection", again.
  67. #35 Maintain Categories & Tags: Term Mgmt. Tools – mass merge & change parents
  68. Section #6: Performance
  69. Scoring domains by performance; give it a try!
  70. #36 Compress those Images (WP): 13.2% savings for one image!
  71. Tip: Make images even smaller! Use tinyPNG to optimize PNG files without losing quality (up to 70% savings). JPEGmini does the same for JPEG files and will reduce your images massively (up to 80% smaller)!
  72. #37 Setup a Caching Plug-in: W3 Total Cache
  73. #38 Combine multiple CSS files. Combine CSS files into one to reduce the number of HTTP requests. Minify the big file by removing whitespace, etc. to reduce the file size per request – check: W3 Total Cache > Performance > Minify! The same goes for JavaScript as well… and put those JS files into the footer, if possible!
  74. #39 Do CSS-Sprites
  75. Tip: Move static contents to a CDN Latency is crucial – especially if you’re serving a global audience, offloading statics to a CDN will give additional performance. CDN Overview:
  76. #40 Off-load JS-Libs: WP Use Google Libraries. Simply enable the plug-in & serve JS libs from Google's CDN!
  77. How to make your site lightning-fast…
  78. And that's it!
  79. Thanks! Questions? Bastian Grimm, Managing Partner - Grimm Digital
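As an added example that is not part of the talk, the following shell script audits a wp-config.php for the hardening points of tips #1, #2/#12 and #14 (placeholder keys/salts, the default table prefix, FORCE_SSL_ADMIN, read-only permissions). The sample wp-config.php it writes is constructed for the demonstration and deliberately fails every check.

```shell
#!/usr/bin/env bash
# Added example (not from the talk): audit a wp-config.php against tips #1,
# #2/#12 and #14 of this deck: placeholder keys/salts, the default 'wp_'
# table prefix, FORCE_SSL_ADMIN missing and a file that is not read-only.
set -u
# Constructed sample wp-config.php that deliberately trips every check.
make_sample_config() {
  cat > "$1" <<'EOF'
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'c0nstructed-R4nd0m-V4lue-for-this-example');
define('NONCE_KEY',        'put your unique phrase here');
$table_prefix = 'wp_';
define('FORCE_SSL_LOGIN', true);
EOF
  chmod 644 "$1"
}

# WordPress ships its keys/salts with this exact placeholder text.
count_placeholder_salts() {
  grep -c 'put your unique phrase here' "$1" || true
}
# Print one finding per line; the return value is the finding count.
audit_wp_config() {
  local cfg="$1" findings=0 n mode
  n=$(count_placeholder_salts "$cfg")
  if [ "$n" -gt 0 ]; then
    echo "WEAK_SALT: $n key(s)/salt(s) still carry the placeholder value"
    findings=$((findings + 1))
  fi
  if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$cfg"; then
    echo "DEFAULT_PREFIX: \$table_prefix is the default 'wp_'"
    findings=$((findings + 1))
  fi
  if ! grep -Eq "define\([[:space:]]*['\"]FORCE_SSL_ADMIN['\"][[:space:]]*,[[:space:]]*true" "$cfg"; then
    echo "NO_FORCE_SSL_ADMIN: admin sessions are not forced over SSL"
    findings=$((findings + 1))
  fi
  # Octal mode via GNU stat, falling back to BSD/macOS stat.
  mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
  case "$mode" in
    400|440) ;;   # read-only for owner (and optionally group)
    *) echo "PERMS: mode $mode, expected 400 or 440 (read-only)"
       findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

if [ "$#" -gt 0 ]; then audit_wp_config "$1"; fi
```

Run it as `bash audit.sh /path/to/wp-config.php`; a zero exit status means no findings.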